--iface Dose nothing

[csafg2]

Manually setting --iface=enp0s8 in kube-flannel seems to be totally ignored.

      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-s390x
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=enp0s8

kubectl apply -f flannel.yaml reports everything as OK. however when looking at logs flannel is still using default interface.

Pears@node1:~$ kubectl logs pod/kube-flannel-ds-amd64-hrgdl | grep interface
I0401 07:43:11.961053       1 main.go:514] Determining IP address of default interface
I0401 07:43:12.237615       1 main.go:527] Using interface with name enp0s3 and address 10.0.2.15

Expected Behavior

enp0s8 interface should be used.

Current Behavior

Always uses the default interface.

Context

I realized this issue when trying to setup a service with ExtranalTrafficPolicy set to cluster. and my pods were responding only on nodes where that specific pod is present

Your Environment

• Flannel version: 0.11
• Kubernetes version (if used): 1.14
• Operating System and version: Ubuntu 18.04 LTS

[csafg2]

My bad, it seems that kube-flannel is configured multiple times in that deployment file. so you need to pass the argument to all of them.

[Amirilw]

i did configure it at all places, still not working for me , have any advice ?

---

apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: psp.flannel.unprivileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default spec: privileged: false volumes:

• configMap
• secret
• emptyDir
• hostPath allowedHostPaths:
• pathPrefix: "/etc/cni/net.d"
• pathPrefix: "/etc/kube-flannel"
• pathPrefix: "/run/flannel" readOnlyRootFilesystem: false

  Users and groups

  runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny fsGroup: rule: RunAsAny

  Privilege Escalation

  allowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false

  Capabilities

  allowedCapabilities: ['NET_ADMIN'] defaultAddCapabilities: [] requiredDropCapabilities: []

  Host namespaces

  hostPID: false hostIPC: false hostNetwork: true hostPorts:

  • min: 0 max: 65535

    SELinux

    seLinux:

    SELinux is unsed in CaaSP

    rule: 'RunAsAny'

    kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: flannel rules:

  • apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: ['psp.flannel.unprivileged']
  • apiGroups:
    • "" resources:
    • pods verbs:
    • get
  • apiGroups:
    • "" resources:
    • nodes verbs:
    • list
    • watch
  • apiGroups:
    • "" resources:
    • nodes/status verbs:

    • patch

      kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects:

  • kind: ServiceAccount name: flannel namespace: kube-system

    apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system

    kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "172.16.0.0/16", "Backend": { "Type": "vxlan" } }

    apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-amd64 namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations:

    • operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers:
    • name: install-cni image: quay.io/coreos/flannel:v0.11.0-amd64 command:
    • cp args:
    • -f
    • /etc/kube-flannel/cni-conf.json
    • /etc/cni/net.d/10-flannel.conflist volumeMounts:
    • name: cni mountPath: /etc/cni/net.d
    • name: flannel-cfg mountPath: /etc/kube-flannel/ containers:
    • name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-amd64 command:
    • /opt/bin/flanneld args:
    • --ip-masq
    • --kube-subnet-mgr
    • --iface=enp0s8 resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env:
    • name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name
    • name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts:
    • name: run mountPath: /run/flannel
    • name: flannel-cfg mountPath: /etc/kube-flannel/ volumes:
    • name: run hostPath: path: /run/flannel
    • name: cni hostPath: path: /etc/cni/net.d

    • name: flannel-cfg configMap: name: kube-flannel-cfg

      apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-arm64 namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: arm64 tolerations:

    • operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers:
    • name: install-cni image: quay.io/coreos/flannel:v0.11.0-arm64 command:
    • cp args:
    • -f
    • /etc/kube-flannel/cni-conf.json
    • /etc/cni/net.d/10-flannel.conflist volumeMounts:
    • name: cni mountPath: /etc/cni/net.d
    • name: flannel-cfg mountPath: /etc/kube-flannel/ containers:
    • name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-arm64 command:
    • /opt/bin/flanneld args:
    • --ip-masq
    • --kube-subnet-mgr
    • --iface=enp0s8 resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env:
    • name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name
    • name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts:
    • name: run mountPath: /run/flannel
    • name: flannel-cfg mountPath: /etc/kube-flannel/ volumes:
    • name: run hostPath: path: /run/flannel
    • name: cni hostPath: path: /etc/cni/net.d

    • name: flannel-cfg configMap: name: kube-flannel-cfg

      apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-arm namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: arm tolerations:

    • operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers:
    • name: install-cni image: quay.io/coreos/flannel:v0.11.0-arm command:
    • cp args:
    • -f
    • /etc/kube-flannel/cni-conf.json
    • /etc/cni/net.d/10-flannel.conflist volumeMounts:
    • name: cni mountPath: /etc/cni/net.d
    • name: flannel-cfg mountPath: /etc/kube-flannel/ containers:
    • name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-arm command:
    • /opt/bin/flanneld args:
    • --ip-masq
    • --kube-subnet-mgr
    • --iface=enp0s8 resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env:
    • name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name
    • name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts:
    • name: run mountPath: /run/flannel
    • name: flannel-cfg mountPath: /etc/kube-flannel/ volumes:
    • name: run hostPath: path: /run/flannel
    • name: cni hostPath: path: /etc/cni/net.d

    • name: flannel-cfg configMap: name: kube-flannel-cfg

      apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-ppc64le namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: ppc64le tolerations:

    • operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers:
    • name: install-cni image: quay.io/coreos/flannel:v0.11.0-ppc64le command:
    • cp args:
    • -f
    • /etc/kube-flannel/cni-conf.json
    • /etc/cni/net.d/10-flannel.conflist volumeMounts:
    • name: cni mountPath: /etc/cni/net.d
    • name: flannel-cfg mountPath: /etc/kube-flannel/ containers:
    • name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-ppc64le command:
    • /opt/bin/flanneld args:
    • --ip-masq
    • --kube-subnet-mgr
    • --iface=enp0s8 resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env:
    • name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name
    • name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts:
    • name: run mountPath: /run/flannel
    • name: flannel-cfg mountPath: /etc/kube-flannel/ volumes:
    • name: run hostPath: path: /run/flannel
    • name: cni hostPath: path: /etc/cni/net.d

    • name: flannel-cfg configMap: name: kube-flannel-cfg

      apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-s390x namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: s390x tolerations:

    • operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers:
    • name: install-cni image: quay.io/coreos/flannel:v0.11.0-s390x command:
    • cp args:
    • -f
    • /etc/kube-flannel/cni-conf.json
    • /etc/cni/net.d/10-flannel.conflist volumeMounts:
    • name: cni mountPath: /etc/cni/net.d
    • name: flannel-cfg mountPath: /etc/kube-flannel/ containers:
    • name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-s390x command:
    • /opt/bin/flanneld args:
    • --ip-masq
    • --kube-subnet-mgr
    • --iface=enp0s8 resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env:
    • name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name
    • name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts:
    • name: run mountPath: /run/flannel
    • name: flannel-cfg mountPath: /etc/kube-flannel/ volumes:
    • name: run hostPath: path: /run/flannel
    • name: cni hostPath: path: /etc/cni/net.d
    • name: flannel-cfg configMap: name: kube-flannel-cfg

[haanyip]

not work + 1

[haanyip]

i finally solved it! just add - --iface={your_iface_name} for every node of "args"

[timyl]

add this args to all Daemonset and it works for me [root@k8s-master01 ~]# bridge fdb show dev flannel.1 a2:05:9f:ac:40:da dst 192.168.56.103 self permanent 0e:22:e2:f3:09:04 dst 192.168.56.103 self permanent ce:cf:6f:d7:c9:4c dst 192.168.56.102 self permanent 8e:32:8d:27:ac:9a dst 192.168.56.102 self permanent

[ysyyork]

To be specific, I added multiple DaemonSet into the kube-flannel.yml and used a node selector to select the specific node with the specific iface name.